receiving spam from many contacts in my Contacts app

Question

Level 1

25 points

receiving spam from many contacts in my Contacts app

How is it possible that I'm receiving spoofed spam from MANY contacts in my Apple Contacts app? I don't sync or share these contacts with any other services. I'm now receiving several per week, and these are NOT work contacts... all are personal, and I rarely send them email.

I am receiving them to several of my email addresses ( these are NOT associated with my Apple ID ), and these contacts do not know each other ( which makes me believe that it's not because THEIR email / contact list was hacked / spoofed ).

All messages have a "tinyurl" link .

Posted on May 26, 2020 1:42 PM

Reply

Answer 1

i_rina

Community Specialist

May 27, 2020 11:12 AM in response to RTen1

Hi RTen1,

Thanks for your post! I see you are receiving some spam that is disguised as your contacts.

Please report any suspicious or spam content to Apple:

Recognize and avoid phishing messages, phony support calls, and other scams

Phishing & Other Suspicious Emails

Also, here is a reference to try to filter those emails from your main inbox:

Reduce junk mail in Mail on Mac

Let us know what you find out!

Take care!

Reply

Answer 2

sterling r

Community Specialist

Jun 8, 2020 8:19 AM in response to RTen1

Hi RTen1,

Thanks for the detailed response. I understand you believe your iCloud Contacts list has been compromised. As to how this occurred, I cannot determine. As you have said, your iCloud Contacts list can be synced with third party applications and software.

Check this for your Mac: System Preferences > Security & Privacy > Privacy > Contacts

If any apps or services have access to your contacts, try disabling the permission.

Also, if you are not already, make sure you are using two-factor authentication:

Two-factor authentication for Apple ID

Let us know what you find out!

Cheers!

Reply

Answer 3

tygb

Level 9

65,010 points

Jun 8, 2020 8:52 AM in response to RTen1

Uninstall all antivirus / third party apps / softwares erase the hard drive and reinstall Mac OS https://support.apple.com/en-in/HT204904

Hard reset you internet service provider router , if air port express is also configured that has to be hard reset .

Reply

Answer 4

RTen1 Author

Level 1

25 points

Jun 7, 2020 11:28 AM in response to i_rina

I appreciate your response, but this does not address the real problem. I am receiving numerous emails to my Apple ID email address that are spoofed to look like contacts from my Apple Contacts application. I do not use my Apple ID email address to communicate with these contacts, and these contacts do not know each other. Therefore, I can only conclude that my Contacts database has been compromised, either at the iCloud level, or via ingress into one of my computers running Contacts.

So, my question is how the iCloud Contacts database or an individual computer is typically compromised to allow spoofing. We run extensive anti-virus and security software and run computer scans several times per year, rarely finding malware.

My best guess is that a third party cloud services provider / SaaS service which has had access to my Contacts or the iCloud service has been compromised. I have used many dozens of cloud services over the past 10 years for work related tools (services like ContactsPlus, Pipedrive etc. would typically gain access to a user's Contacts list when activated ).

Appreciate any thoughts from someone with experience in these types of breaches.

Reply

receiving spam from many contacts in my Contacts app

Similar questions